package freedom.easyit;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    /**
     * Web安全配置
     */
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // 放行静态资源
        @Override
        public void configure(WebSecurity web) throws Exception {
            // @formatter:off
            web
            .ignoring()
            .antMatchers(
                "/**/*.ico", 
                "/**/*.png", 
                "/**/*.js", 
                "/**/*.css", 
                "/**/*.html"
                );
            // @formatter:on

        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http
            .cors()
            .and().headers().frameOptions().sameOrigin()
            .and().csrf().disable()
            .authorizeRequests()
            .anyRequest().authenticated()
            .and().formLogin().permitAll()
            
            ;
 
            // @formatter:on

        }

    }
}
